summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRadu Nicolau <radu.nicolau@intel.com>2018-05-04 12:51:53 +0100
committerDamjan Marion <dmarion.lists@gmail.com>2018-05-04 21:53:29 +0000
commit89c27818b3bba409ed8e4ccacc9be37384b46705 (patch)
tree62c1c7814f5ccef0bc5a5ed5f403207d2bd603cb
parent6168623290ff55e722bf77e448f3df385b6979d1 (diff)
ipsec: allow null/null for crypto/integ algorithms pair
Change-Id: Ic1e189c22e3d344d165e0eab05ccb667eef088a9 Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
-rw-r--r--src/plugins/dpdk/ipsec/ipsec.c1
-rw-r--r--src/vat/api_format.c8
-rw-r--r--src/vnet/ipsec/ipsec_api.c2
-rw-r--r--src/vnet/ipsec/ipsec_cli.c4
4 files changed, 8 insertions, 7 deletions
diff --git a/src/plugins/dpdk/ipsec/ipsec.c b/src/plugins/dpdk/ipsec/ipsec.c
index 3574f3eced0..5933cf9573e 100644
--- a/src/plugins/dpdk/ipsec/ipsec.c
+++ b/src/plugins/dpdk/ipsec/ipsec.c
@@ -555,6 +555,7 @@ dpdk_ipsec_check_support (ipsec_sa_t * sa)
if (sa->integ_alg == IPSEC_INTEG_ALG_NONE)
switch (sa->crypto_alg)
{
+ case IPSEC_CRYPTO_ALG_NONE:
case IPSEC_CRYPTO_ALG_AES_GCM_128:
case IPSEC_CRYPTO_ALG_AES_GCM_192:
case IPSEC_CRYPTO_ALG_AES_GCM_256:
diff --git a/src/vat/api_format.c b/src/vat/api_format.c
index 7e17c9adc6d..924986e03e8 100644
--- a/src/vat/api_format.c
+++ b/src/vat/api_format.c
@@ -15168,7 +15168,7 @@ api_ipsec_sad_add_del_entry (vat_main_t * vam)
if (unformat
(i, "crypto_alg %U", unformat_ipsec_crypto_alg, &crypto_alg))
{
- if (crypto_alg < IPSEC_CRYPTO_ALG_AES_CBC_128 ||
+ if (crypto_alg < IPSEC_CRYPTO_ALG_NONE ||
crypto_alg >= IPSEC_CRYPTO_N_ALG)
{
clib_warning ("unsupported crypto-alg: '%U'",
@@ -15182,7 +15182,7 @@ api_ipsec_sad_add_del_entry (vat_main_t * vam)
if (unformat
(i, "integ_alg %U", unformat_ipsec_integ_alg, &integ_alg))
{
- if (integ_alg < IPSEC_INTEG_ALG_SHA1_96 ||
+ if (integ_alg < IPSEC_INTEG_ALG_NONE ||
integ_alg >= IPSEC_INTEG_N_ALG)
{
clib_warning ("unsupported integ-alg: '%U'",
@@ -15340,7 +15340,7 @@ api_ipsec_tunnel_if_add_del (vat_main_t * vam)
if (unformat
(i, "crypto_alg %U", unformat_ipsec_crypto_alg, &crypto_alg))
{
- if (crypto_alg < IPSEC_CRYPTO_ALG_AES_CBC_128 ||
+ if (crypto_alg < IPSEC_CRYPTO_ALG_NONE ||
crypto_alg >= IPSEC_CRYPTO_N_ALG)
{
errmsg ("unsupported crypto-alg: '%U'\n",
@@ -15352,7 +15352,7 @@ api_ipsec_tunnel_if_add_del (vat_main_t * vam)
if (unformat
(i, "integ_alg %U", unformat_ipsec_integ_alg, &integ_alg))
{
- if (integ_alg < IPSEC_INTEG_ALG_SHA1_96 ||
+ if (integ_alg < IPSEC_INTEG_ALG_NONE ||
integ_alg >= IPSEC_INTEG_N_ALG)
{
errmsg ("unsupported integ-alg: '%U'\n",
diff --git a/src/vnet/ipsec/ipsec_api.c b/src/vnet/ipsec/ipsec_api.c
index 6fb4f556c50..74f993af85a 100644
--- a/src/vnet/ipsec/ipsec_api.c
+++ b/src/vnet/ipsec/ipsec_api.c
@@ -194,7 +194,7 @@ static void vl_api_ipsec_sad_add_del_entry_t_handler
sa.spi = ntohl (mp->spi);
sa.protocol = mp->protocol;
/* check for unsupported crypto-alg */
- if (mp->crypto_algorithm < IPSEC_CRYPTO_ALG_AES_CBC_128 ||
+ if (mp->crypto_algorithm < IPSEC_CRYPTO_ALG_NONE ||
mp->crypto_algorithm >= IPSEC_CRYPTO_N_ALG)
{
clib_warning ("unsupported crypto-alg: '%U'", format_ipsec_crypto_alg,
diff --git a/src/vnet/ipsec/ipsec_cli.c b/src/vnet/ipsec/ipsec_cli.c
index 09134e3901b..ef57d52ef67 100644
--- a/src/vnet/ipsec/ipsec_cli.c
+++ b/src/vnet/ipsec/ipsec_cli.c
@@ -106,7 +106,7 @@ ipsec_sa_add_del_command_fn (vlib_main_t * vm,
(line_input, "crypto-alg %U", unformat_ipsec_crypto_alg,
&sa.crypto_alg))
{
- if (sa.crypto_alg < IPSEC_CRYPTO_ALG_AES_CBC_128 ||
+ if (sa.crypto_alg < IPSEC_CRYPTO_ALG_NONE ||
sa.crypto_alg >= IPSEC_CRYPTO_N_ALG)
{
error = clib_error_return (0, "unsupported crypto-alg: '%U'",
@@ -121,7 +121,7 @@ ipsec_sa_add_del_command_fn (vlib_main_t * vm,
else if (unformat (line_input, "integ-alg %U", unformat_ipsec_integ_alg,
&sa.integ_alg))
{
- if (sa.integ_alg < IPSEC_INTEG_ALG_SHA1_96 ||
+ if (sa.integ_alg < IPSEC_INTEG_ALG_NONE ||
sa.integ_alg >= IPSEC_INTEG_N_ALG)
{
error = clib_error_return (0, "unsupported integ-alg: '%U'",